Here's what I suggest with no additional hardware required.
Turn on SQM on your WAN interface as outbound only (use the physical interface, like eth0.1 or whatever).
Turn on SQM on your LAN interface as outbound only with the layer cake option (use physical interface, eth0.2 or whatever) use the outbound bandwidth as the same as your WAN inbound bandwidth.
create a DSCP tagger chain in your firewall, and tag all the packets headed to your guest LAN as CS1, tag all the packets headed to your primary LAN as CS2. See recent thread here: Creating DSCP markings with iptables?
VOILA! high priority for your main LAN, low priority for your Guests, no bandwidth limit required.